Security

Your data is protected at every layer. Here is how we keep your information safe.

Last updated: March 2026

Encrypted

TLS 1.2+ in transit, AES-256 at rest

Sandboxed

Code execution is securely isolated

Minimal

We collect only what is needed

No tracking

No ad networks, no retargeting

How We Protect You

Infrastructure

DataDriven runs on Amazon Web Services (AWS). All traffic is encrypted in transit using TLS 1.2 or higher. Data at rest is encrypted using AES-256. Servers are hosted in US regions with access restricted to authorized personnel only.

Code Execution

All code execution is securely sandboxed with strict resource limits and isolation to protect both you and our infrastructure.

Authentication

We use industry-standard OAuth 2.0 via Google and LinkedIn for authentication. We never receive or store your password from these providers. Session tokens are short-lived JWTs stored only in the client and refreshed automatically. Email/password accounts use bcrypt hashing.

Data Minimization

We collect only what is necessary: email address and display name (from the OAuth provider), and learning activity data (challenge attempts, lesson progress, skill scores).

We do not store payment information directly. Web subscriptions are processed securely through Stripe. Mobile subscriptions are managed through the Apple App Store.

Access Controls

API endpoints enforce authentication and authorization checks. Administrative operations require elevated privileges. Database access follows least-privilege principles with role-based access controls.

Vulnerability Reporting

If you discover a security vulnerability, please report it responsibly by emailing support@datadriven.io with details. We take all reports seriously and will respond within 48 hours.

Questions about security?

We are happy to answer any questions about how we protect your data. Reach out anytime.